DETAILED ACTION

1. This communication is in response to applicant's amendment filed on
11/26/2008. Claim 12 has been cancelled; claims 1, 14 and 16 have been amended.
Claims 1-7, 9-11, 13-14 and 16-22 remain pending.

2. Applicant's amendment to claims 1, 14 and 16 obviates the previously raised rejection
under 35 USC 112, 2nd paragraph. The rejection under 35 USC 112, 2nd paragraph is
hereby withdrawn.

Specification 

3. The disclosure is objected to because of the following informalities: 

• The specification page 6 line 3 discloses: "...remote addresses 108-118..." which
suggests that there are remote addresses 109, 111, 113, 115 and 117, which is
not the case. Please say: "108, 110, 112, 114, 116 and 118". Similarly on page 6
line 3, 4, 5-6, 7-8, 8, page 8 lines 18, 19, 21, page 9 lines 2, 8, 11, 14, 15, page
10 lines 9, 17, page 11 line 3 and page 13 lines 10-11.

• The specification page 8 line 16 and page 13 line 18 refer to Fig 1. It should say
Fig 1A since Fig 1 doesn't exist.

• The specification page 15 line 5 refers to RAU by 203. It should be labeled 206 to
be consistent with earlier references and figure 2.

Appropriate correction is required.

Response to Arguments

4. Applicant's arguments filed 11/26/2008 have been fully considered but they are 
not persuasive. 

5. It has been argued (page 6 of the remarks) that the amendment recitation 
"properly authenticated pattern of connection requests, probes, and scans" is not taught 
by either Kalajan or Teraoka. Instead, Kalajan discloses using password systems to 
validate communication packets and Teraoka teaches the usage of "source-host 
authenticator" within a packet header that contains a "predetermined secret key" used 
for authentication purpose. 

6. Applicant's interpretation of the references is noted. However, the specification of 
the current application page 7 lines 11-15 states: 

Authentication techniques can include the use of other patterns and techniques such as 
hash values, behavioral combinations (e.g., data packets sent to a port in a pre-defined 
sequence), pre-defined passwords, shared secrets, and authorized address lists. Other
techniques may include passwords that can be converted into a series of operations or 
other passwords. 

Kalajan discloses password systems as a means for validation of communication packets
(see column 4, lines 1-15). However, Teraoka specifically identifies a source-host
authenticator within the packet header which is used for authentication purposes.
Teraoka's source-host authenticator contains a predetermined secret key (Ks) which is
well known in the art to be equivalent to a password (see column 7, line 47).
Furthermore, the source-host authenticator is calculated by computing a checksum
(which is also well known in the art to ensure data integrity and error detection) and the
secret key of the data packet (see column 7, lines 59-64). Therefore, it would have been
obvious to authenticate a source-host (i.e. port) using pre-defined passwords.

7. It has been argued (page 6 of the remarks) that the amendment recitation
"allowing the remote address to establish, through a connection request received during 
the configurable period of time, a connection with the host via a port with which the 
request is associated and closing the port after expiration of the configurable period of 
time" is not taught by either Kalajan or Teraoka. 

8. Applicant's interpretation of the references is noted. However, Kalajan teaches
this feature in column 1 line 65-column 2 line 8, column 2 lines 61-64 and column 4 line
66-column 5 line 4 as described below.

Claim Rejections - 35 USC § 103 
The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

9. Claims 1-7, 9-11, 13-14, and 16-22 are rejected under 35 U.S.C. 103(a) as
being unpatentable over Kalajan in US Patent No. 6202156 (hereinafter US '156) further
in view of Teraoka in US Patent No. 6009528 (hereinafter US '528).

10. For claim 1, and similar independent claims 14 and 16, US '156 discloses:
A method for network security comprising: 

receiving a request from a remote address at a host; 
observing a behavioral pattern of packets associated with the request; 
authenticating the remote address based on the behavioral pattern of the 
packets associated with the request; and 

enabling access to the host by the remote address for a configurable time
period if the remote address is authenticated; (see Abstract; Figure 1; column 1,
lines 35 - 63, 65 - column 2, lines 1 - 10, 29 - 34, 37 - 43, 50 - 58: process of
validating access request..., 60 - 65: time period...; column 6, lines 47 - 51: packet
observation...)

and wherein enabling access comprising allowing the remote address to establish, 
through a connection request received during the configurable period of time, a 
connection with the host via a port with which the request is associated and closing the 
port after expiration of the configurable period of time, (see column 1 line 65-column 2 
line 8, column 2 lines 61-64 and column 4 line 66-column 5 lines 1-4). 
but does not expressly disclose wherein the authentication is based at least in part a 
determination that the observed behavioral pattern of the packets matches a properly 
authenticated pattern of connection requests, probes, or scans; 
(Kalajan et al. discloses password systems as a means for validation of
communication packets (see column 4, lines 1-15)).

Teraoka however in US '528 teaches wherein the authentication is based at least 
in part a determination that the observed behavioral pattern of the packets matches a 
properly authenticated pattern of connection requests, probes, or scans, (see Abstract; 
column 7, lines 43 - 46: authentication information is in the packet header; column 7, 
lines 53 - 58: packet header contents; column 9, lines 16-23: packet header 
authentication and see column 7, lines 53-58: source-host authenticator includes 
predetermined secret key (see column 7, line 47, 60-65)).

Kalajan and Teraoka are analogous art because they are from the same problem
solving areas (enhancing the security of communication on a network). At the time of 
the invention, it would have been obvious to a skilled artisan to modify the method of 
packet authentication of Kalajan such "that it would be based at least in part a 
determination that the observed behavioral pattern of the packets matches a properly 
authenticated pattern of connection requests, probes, and scans" such as packet 
header authentication as in Teraoka. The motivation for doing so would have been to 
enhance network security. 

11. For claim 2, and similar claim 17, US '156 teaches:

A method for preventing network discovery of a system services configuration as recited
in claim 1 further including preventing a response from being sent to the remote
address, (see column 1, lines 36 - 37; column 3, lines 17-20)

12. For claim 3, and similar claim 18, US '156 discloses: 

A method for preventing network discovery of a system services configuration as recited 
in claim 1 wherein receiving a request from a remote address at the host further 
includes receiving a probe, (see column 2, lines 42 - 43; column 4, lines 41 - 43, 58 - 
61) 

13. For claim 4, and similar claim 19, US '156 discloses:

A method for preventing network discovery of a system services configuration as recited
in claim 1 wherein observing a pattern associated with the request further includes
recording data received at the host, (see column 4, lines 33: firewall; column 6, lines 47
- 56)

14. For claim 5, and similar claim 20, US '156 teaches:

A method for preventing network discovery of a system services configuration as recited 
in claim 1 wherein observing a pattern associated with the request further includes 
matching the pattern to a list, (see column 4, lines 1-11) 

15. For claim 6, US '156 teaches:

A method for preventing network discovery of a system services configuration as recited 
in claim 1 wherein observing a pattern associated with the request further includes 
recording a sequence, (see column 4, lines 1 - 11, 35 - 39 and 54 - 61)

16. For claim 7, and similar claim 21, US '156 teaches:

A method for preventing network discovery of a system services configuration as recited 
in claim 1 wherein authenticating the remote address based on the pattern associated 
with the request further includes comparing the pattern to a list, (see column 4, lines 1 - 
11 and 54-61) 

17. For claim 9, and similar claim 22, US '156 discloses:

A method for preventing network discovery of a system services configuration as recited 
in claim 1 wherein authenticating the remote address based on the pattern associated 
with the request further includes preventing a response being sent to the remote 
address if the remote address fails to authenticate, (see column 4, lines 62 - 65: 
blocked by firewall; column 5, lines 53 - 56) 

18. For claim 10, US '156 teaches:

A method for preventing network discovery of a system services configuration as recited
in claim 1 wherein authenticating the remote address based on the pattern associated
with the request further includes denying access to the host if the remote address fails
to authenticate, (see column 5, lines 53 - 56 and 65 - column 6, lines 1-7)

Application/Control Number: 10/666,843

Art Unit: 2432

19. For claim 11, US '156 teaches: 

A method for preventing network discovery of a system services configuration as recited 
in claim 1 wherein authenticating the remote address based on the pattern associated 
with the request further includes sending a message to the remote address if the 
request fails to authenticate, (see column 5, lines 53 - 56 and 65 - column 6, lines 1-7) 

20. For claim 13, US '156 discloses: 

A method for preventing network discovery of a system services configuration as recited 
in claim 1 wherein enabling access to the host by the remote address further includes 
implementing a handshake between the remote address and the host, (see column 4,
lines 54 - 58)

Conclusion 

21. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later
than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to HADI ARMOUCHE whose telephone number is 
(571)270-3618. The examiner can normally be reached on M-Th 7:30-5:00 and Fridays 
half day. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/H. A./ 

HADI ARMOUCHE 
Examiner, Art Unit 2432 
02/12/2009 



/Gilberto Barron Jr./ 

Supervisory Patent Examiner, Art Unit 2432 



